Abstract:
Mobile devices have become ubiquitous, with iOS being the second most popular mobile operating system on the market [1]. One method iOS uses to ensure the security of its apps is sandboxing. This mechanism is implemented as a set of rules compiled into binary files that reside inside the OS firmware and are not made public by Apple. Security engineers therefore require third-party tools to decompile and then visualize the contents of these profiles. This paper presents a validation framework for iOS sandbox profile decompilers, specifically targeting the SandBlaster tool. Our approach represents sandbox profiles as dependency graphs and compares decompiled profiles with reference implementations compiled from Sandbox Profile Language (SBPL) representations using SandScout. We evaluated our framework on iOS versions 7–10, analyzing both individual profiles and bundled profile collections. The results demonstrate 100% precision and recall for iOS 7–8 profiles, 90–100% for iOS 9, and 75–100% for iOS 10. We also optimised a performance bottleneck in SandBlaster's node matching algorithm, reducing decompilation time from over 7 hours to under 5 minutes.